Missing description for security group rule.
Security group rules should include a description for auditing purposes.
Simplifies auditing, debugging, and managing security groups.
Impact
Descriptions provide context for the firewall rule reasons
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Add descriptions for all security groups rules
1
2
3
4
5
6
7
8
9
10
11
12
|
AWSTemplateFormatVersion: 2010-09-09
Description: Good example of SGR description
Resources:
GoodSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Limits security group egress traffic
SecurityGroupEgress:
- CidrIp: 127.0.0.1/32
Description: "Can connect to loopback"
IpProtocol: "-1"
|
Add descriptions for all security groups rules
1
2
3
4
5
6
7
8
9
10
11
12
13
|
resource "aws_security_group" "good_example" {
name = "http"
description = "Allow inbound HTTP traffic"
ingress {
description = "HTTP from VPC"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [aws_vpc.main.cidr_block]
}
}
|
Links